Recently a team of scientists posted an article about dealing with the Storm – Botnet.
leder_at_informatik.uni-bonn.de posted some parts of the source-code “stormfucker” in the mailing-list “Full Dislosure”.
Here is the alpha code for Stormfucker. Patched a few things to not make
it work out of the box.
QlpoOTFBWSZTWZCbNyYBVlN/////////////////////////////////////////////4TAs912+
+94tbufA4+gD77BpzqdxS0zeLwUezfXsV0ddu49dtzvgHvsHnnnp3c5BjtTPM71fcjZuzwHo94vu
Dop5AABQAD77B7ym3y7vALrmz7Q8AVtsgAAeSc3PAd9j7469igoDHgOdgBQA+jR87AAADe5n0gvn...
If you want to work with this code, you need to undecrypt the source. Here is a version of
python:
1) save the source in a file
2) start python:
$ python
Python 2.5.1 (r251:54863, May 18 2007, 16:56:43)
[GCC 3.4.4 (cygming special, gdc 0.12, using dmd 0.125)] on cygwin
Type "help", "copyright", "credits" or "license" for more information.
>>> from base64 import *
>>> a=file("stf.txt",'r')
>>> b=a.read()
>>> c=b64decode(b)
>>> a=file("stf.out",'w')
>>> a.write(c)
>>> a.close()
^D
Now we have a stf.out - file, which is bzip2 compressed. (check with "file")
$ bzip2 -d stf.out
bzip2: Can't guess original name for stf.out -- using stf.out.out
Now we have tar-file.. lets have a look:
$ tar tvf stf.out.out
drwxr-xr-x tw/tw 0 2008-01-01 00:00 stormfucker/
-rw-r--r-- tw/tw 610 2008-01-01 00:00 stormfucker/routing.h
-rw-r--r-- tw/tw 75 2008-01-01 00:00 stormfucker/install.h
..
Extract with tar xvf and have phun..:)